Stored Cross-Site Scripting Vulnerability in FactoryTalk DataMosaix by Rockwell Automation
CVE-2026-9292
8.4HIGH
Key Information:
- Vendor
Rockwell Automation
- Vendor
- CVE Published:
- 14 July 2026
What is CVE-2026-9292?
A security issue within FactoryTalk DataMosaix™ Private Cloud arises from improper handling of user inputs in the Workflows configuration. This Stored Cross-Site Scripting vulnerability allows authenticated attackers with elevated privileges to inject harmful scripts into the server. As a result, these malicious scripts can be executed in the browsers of other users visiting the compromised page. This malicious activity can lead to unintended consequences such as account takeover, credential theft, or users being redirected to malicious sites, significantly compromising the security of the application.
Affected Version(s)
FactoryTalk® DataMosaix™ Private Cloud Version 8.02 and below